Secure Development (S-SDLC)

Companies and organizations usually have established processes and people to create releases and deploy software. Due to the increasing awareness of insecure software, companies are trying to integrate security within the software development process by implementing a Secure Software Development Life Cycle (S-SDLC).

An S-SDLC process ensures that security activities such as penetration testing, code review and architecture analysis are part of the development process used by internal and external development teams.

Existing SDLC processes usually use Application Security Testing (AST) tools, and it is not common to implement security architecture reviews to integrate protection against design flaws or business logic flaws.

In other words, existing security tools used during the Software Development Life Cycle (SDLC) do not completely cover the security needs of applications. They put the focus only on security bugs and these represent only 50% of risks, leaving applications potentially insecure. In many cases, this poses important security risks to an application because it depends completely on developers, who are forced to protect and verify applications manually.

Continuous integration and DevOps workflows

The problem is even greater for developers who are doing agile application development and need to adhere to continuous integration and DevOps workflows. They need to meet strict application development deadlines while using technologies that do not protect applications by default, and in many cases they are not even aware of the main risks. Even those who are aware face a huge manual task to avoid them. This manual approach is no longer viable.

Hdiv solutions

Simplicity and stronger security

Hdiv accelerates time to market for self-protected applications. Because it is built into the development environment, it only has to be applied once and then it automatically generates self-protected applications. This saves time for developers. Security teams can ensure that new applications are released quickly without the risk of introducing vulnerabilities.

The combination of different techniques provides Hdiv technology with a much higher protection capability than any of the other advanced solutions currently available on the market.

From Development to Production

All Hdiv tools are designed to be integrated from the very beginning of the Software Development Life Cycle (SDLC) and in each developer workstation. This is to promote interactive application security testing (IAST) and early vulnerability detection. Simultaneously, the security configuration which will be used in production is constantly being tested. This avoids a delay in implementing it in production or pre-production servers as all the components have already been checked to ensure they are working as expected.

Hdiv tools are production ready, their main goal being to leverage their protection features in order to prevent any attack on the application. At the same time, detection features remain active, so any vulnerability not found previously can be detected and reported to the console.

Developer Key Features

Early vulnerability detection

Protection features are integrated and tested from the development phase

Developer-ready tools such as Hdiv Toolbar or Maven plugins

System administrators can monitor Hdiv protected applications and receive alert notifications whenever an event occurs so that they can take any action necessary.